<?php

     session_start();
     include('common.php');
     include('../includes/pager.php');

    if (session_is_registered(MySBB_Admin_username) and $member_permission == 1)
    {

// **  **

         if ($groupper_row['admincp_member'] != 1)
         {
             $SF->error('المعذره .. هذه الميزه غير متاحه لك !');
         }

// **  **

         if ($_GET['add'] == 1)
         {
             if ($_GET['index'] == 1)
             {
                 $SF->Make_cplink_path("<a href='member.php?main=1'>الاعضاء</a> -> اضافة عضو");
                 $Smarty->display('member_add.tpl');
             }

             if ($_GET['start'] == 1)
             {
                 $email_check  = explode('@',$_POST['T3']);
                 $member_check = $DB->sql_num_rows($DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE username='" . $_POST['T1'] . "'"));
                 $mail_check   = $DB->sql_num_rows($DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE email='" . $_POST['T3'] . "'"));

                 if (empty($_POST['T1']) or empty($_POST['T2']))
                 {
                     $SF->error('يرجى تعبئة كافة المعلومات');
                 }

                 if (count($email_check) == 1)
                 {
                     $SF->error('يرجى كتابة بريدك الصحيح !');
                 }

                 if ($member_check > 0)
                 {
                     $SF->error('المعذره .. اسم المستخدم موجود مسبقاً');
                 }

                 if ($mail_check > 0)
                 {
                     $SF->error('المعذره .. البريد الالكتروني موجود مسبقاً');
                 }

                 if ($_POST['gender'] != 'm' and $_POST['gender'] != 'f')
                 {
                     $SF->error('خطأ , الجنس إما ذكر او انثى');
                 }

                 if (!$SF->CheckEmail($_POST['T3']))
                 {
                     $SF->error('البريد الالكتروني غير صحيح');
                 }

                 $registerdate = date("Y-m-d");
                 $insert       = $DB->sql_query("INSERT INTO " . $db_prefix . "member(id,username,password,email,user_gender,register_date,user_title,style,usergroup) VALUES('NULL','".$_POST['T1']."','".md5($_POST['T2'])."','".$_POST['T3']."','".$_POST['gender']."','".$registerdate."','عضو','" . $info_row['def_style'] . "','4')");
                 $id           = $DB->sql_insert_id($insert);

                 if ($insert)
                 {
                     $member_num = $DB->sql_num_rows($DB->sql_query("SELECT * FROM " . $db_prefix . "member"));
                     $update_lastmember = $DB->sql_query("UPDATE " . $db_prefix . "info SET last_member='" . $_POST['T1'] . "',last_member_id='" . $id . "',member_number='" . $member_num . "' WHERE id='1'");

                     $SF->msg('تم اضافة العضو بنجاح !');
                     $SF->go_to('member.php?main=1',2);
                 }
             }
         }

// **  **

         if ($_GET['main'] == 1)
         {
             $SF->Make_cplink_path('الاعضاء');

             if (!isset($_GET['page']) OR $_GET['page'] < 1)
             {
                 $_GET['page'] = 1;
             }

             $page  = intval($_GET['page']);
             $start = ($info_row['perpage'] * ($page-1));

             $RP = new Pager($page);

             if (empty($_GET['order']))
             {
                 $member_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member ORDER BY username ASC LIMIT $start,40");
                 $Smarty->assign('dont_print_SC',1);
             }

             if ($_GET['order'] == 1)
             {
                 if ($_GET['order_type'] == 'DESC')
                 {
                     $member_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member ORDER BY posts DESC LIMIT $start,40");
                 }

                 if ($_GET['order_type'] == 'ASC')
                 {
                     $member_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member ORDER BY posts ASC LIMIT $start,40");
                 }
             }

             if ($_GET['order'] == 2)
             {
                 if ($_GET['order_type'] == 'DESC')
                 {
                     $member_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member ORDER BY register_date DESC LIMIT $start,40");
                 }

                 if ($_GET['order_type'] == 'ASC')
                 {
                     $member_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member ORDER BY register_date ASC LIMIT $start,40");
                 }
             }

             if ($_GET['order'] == 3)
             {
                 if ($_GET['order_type'] == 'DESC')
                 {
                     $member_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member ORDER BY visitor DESC LIMIT $start,40");
                 }

                 if ($_GET['order_type'] == 'ASC')
                 {
                     $member_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member ORDER BY visitor ASC LIMIT $start,40");
                 }
             }

             $memberlist_row = array();
             while ($memberrow = $DB->sql_fetch_array($member_query))
             {
                 $memberlist_row[] = $memberrow;
                 $Smarty->assign('memberlist_row',$memberlist_row);
             }

             $RP->SetPagerN('40', $DB->sql_num_rows($DB->sql_query("SELECT * FROM " . $db_prefix . "member")));

             $url = "{$REQUEST_URI}";
             $url_array = explode('ASC',$url);

             if (count($url_array) == 2)
             {
                 $url        = str_replace('ASC','DESC',$url);
                 $type_print = 'تصاعدي';
             }
             elseif (count($url_array) == 1)
             {
                 $url        = str_replace('DESC','ASC',$url);
                 $type_print = 'تنازلي';
             }

             $Smarty->assign('type_print',$type_print);
             $Smarty->assign('url',$url);

             $Smarty->display('memberlist.tpl');

             print $RP->PageNum('main=1');
         }

// **  **

         if ($_GET['edit'] == 1)
         {
             if ($_GET['index'] == 1)
             {
                 $id = intval($_GET['id']);
                 if ($id != $member_row['id'])
                 {
                     $restricted_ids = explode(",",$un_editable_users);
                     if(in_array($id,$restricted_ids))
                     {
                        $SF->error('ليس لديك الصلاحيات للتحكم ببيانات هذا العضو');
                     }
                 }
                 $member_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE id='" . $id . "'");
                 $member_info  = $DB->sql_fetch_array($member_query);

                 $membergroupd_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "group WHERE id='" . $member_info['usergroup']  . "'");
                 $membergroupd_row   = $DB->sql_fetch_array($membergroupd_query);

                 $group_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "group");

                 $groups_rows = array();
                 while ($group_row = $DB->sql_fetch_array($group_query))
                 {
                     $groups_rows[] = $group_row;
                     $Smarty->assign('group_rows',$groups_rows);
                 }

                 $SF->Make_cplink_path("<a href='member.php?main=1'>الاعضاء</a> -> تحرير العضو : " . $member_info['username']);

                 if ($DB->sql_num_rows($member_query) <= 0)
                 {
                     $SF->error('العضو المطلوب غير موجود !');
                 }

                 $sig = str_replace('<br>','',$member_info['user_sig']);
                 $sig = htmlspecialchars($sig);

                 $Smarty->assign('sig',$sig);
                 $Smarty->assign_by_ref('membergroupd_row',$membergroupd_row);
                 $Smarty->assign_by_ref('member_info',$member_info);
                 $Smarty->display('member_edit.tpl');
             }

             if ($_GET['start'] == 1)
             {
                 $id = intval($_GET['id']);

                 if (empty($_POST['T1']) or (empty($_POST['T5']) and $_POST['T5'] != 0))
                 {
                     $SF->error('لا يمكن ترك المعلومات الهامه فارغه');
                 }

                 $member_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE id='" . $id . "'");
                 $member_info  = $DB->sql_fetch_array($member_query);

                 $update_username2 = $DB->sql_query("UPDATE " . $db_prefix . "pm SET user_from='" . $_POST['T1'] . "' WHERE user_from='" . $member_info['username'] . "'");
                 $update_username3 = $DB->sql_query("UPDATE " . $db_prefix . "pm SET user_to='" . $_POST['T1'] . "' WHERE user_to='" .  $member_info['username'] . "'");
                 $update_username4 = $DB->sql_query("UPDATE " . $db_prefix . "pmfolder SET username='" . $_POST['T1'] . "' WHERE username='" .  $member_info['username'] . "'");
                 $update_username5 = $DB->sql_query("UPDATE " . $db_prefix . "reply SET writer='" . $_POST['T1'] . "' WHERE writer='" .  $member_info['username'] . "'");
                 $update_username6 = $DB->sql_query("UPDATE " . $db_prefix . "subject SET writer='" . $_POST['T1'] . "' WHERE writer='" .  $member_info['username'] . "'");
                 $update_username7 = $DB->sql_query("UPDATE " . $db_prefix . "requests SET username='" . $_POST['T1'] . "' WHERE username='" .  $member_info['username'] . "'");
                 $update_username8 = $DB->sql_query("UPDATE " . $db_prefix . "today SET username='" . $_POST['T1'] . "' WHERE username='" .  $member_info['username'] . "'");
	 
                 $groupper_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "group WHERE id='" . $_POST['D3'] . "'");
                 $groupper_row   = $DB->sql_fetch_array($groupper_query);
		 
                 $username_wstyle = $groupper_row['username_style'];
                 $username_wstyle = explode('[username]',$username_wstyle);
                 $style_username  = addslashes($username_wstyle[0] . htmlspecialchars($_POST['T1']) . $username_wstyle[1]);

                 $update_today  = $DB->sql_query("UPDATE " . $db_prefix . "today SET username_style='" . $style_username . "' WHERE user_id='" . $member_info['id'] . "'");
			
                 if ($_POST['T11'] != '')
                 {
                     $password = " password='" . md5($_POST['T11']) . "',";
                 }
                 else
                 {
                     $password = "";
                 }


                 $sig     = $_POST['S1'];
                 $update  = $DB->sql_query("UPDATE " . $db_prefix . "member SET username='" . $_POST['T1'] . "',$password email='" . $_POST['T2'] . "',user_country='" . $_POST['T3'] . "',user_gender='" . $_POST['D1'] . "',user_website='" . $_POST['T4'] . "',posts='" . $_POST['T5'] . "',user_title='" . $_POST['T6'] . "',visitor='" . $_POST['T7'] . "',user_info='" . $_POST['T8'] . "',avater_path='" . $_POST['T9'] . "',user_sig='" . $sig . "',usergroup='" . $_POST['D3'] . "' WHERE id='" . $id . "'");

                 if ($_POST['T11'] != '')
                 {
                     $adminpass = md5($_POST['T11']);
                     $show['adminpass'] = 1;
                 }
                 else
                 {
                     $adminpass = "";
                     $show['adminpass'] = 0;
                 }

                 if ($member_row['id'] == $id)
                 {
                     if ($member_row['username'] != $_POST['T1'])
                     {
                         setcookie('MySBB_Admin_username' , ''.$_POST['T1'].'');
                         setcookie('MySBB_username' , ''.$_POST['T1'].'');
                     }

                     if ($show['adminpass'] == 1)
                     {
                         setcookie('MySBB_Admin_password' , ''.$adminpass.'');
                         setcookie('MySBB_password' , ''.$adminpass.'');
                     }
                 }

                 if ($update)
                 {

 		     $admin_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "sectionadmin WHERE member_id='" . $id . "'");
		     $admin_num = $DB->sql_num_rows($admin_query);
		     if ($admin_num < 1)
			{
			# do nothing
			}else{
			$update = $DB->sql_query("UPDATE " . $db_prefix  ."sectionadmin SET username='" . $_POST['T1'] . "' WHERE member_id='" . $id . "'");
			$SF->UpdateForumsArray();
			}

                     $SF->msg('تم التحديث بنجاح !');
                     $SF->go_to('member.php?edit=1&index=1&id=' . $id,2);
                 }
             }
         }

// **  **


         if ($_GET['search'] == 1)
         {
             if ($_GET['index'] == 1)
             {
                 $SF->Make_cplink_path("<a href='member.php?main=1'>الاعضاء</a> -> بحث");
                 $Smarty->display('member_search.tpl');
             }

             if ($_GET['start'] == 1)
             {
                 $SF->Make_cplink_path("<a href='member.php?main=1'>الاعضاء</a> -> نتائج البحث");

                 if ($_POST['D1'] == 1)
                 {
                     $query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE username='" . $_POST['T1'] . "'");
                 }
                 elseif ($_POST['D1'] == 2)
                 {
                     $query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE posts='" . $_POST['T1'] . "'");
                 }
                 elseif ($_POST['D1'] == 3)
                 {
                     $query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE visitor='" . $_POST['T1'] . "'");
                 }
                 elseif ($_POST['D1'] == 4)
                 {
                     $query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE email='" . $_POST['T1'] . "'");
                 }

                 $search_num = $DB->sql_num_rows($query);

                 if ($search_num <= 0)
                 {
                     $SF->error('لا يوجد نتائج');
                 }

                 $search_rows = array();
                 while ($search_row = $DB->sql_fetch_array($query))
                 {
                     $search_rows[] = $search_row;
                     $Smarty->assign('memberlist_row',$search_rows);
                 }

                 $Smarty->display('memberlist.tpl');
             }
         }

// **  **

         if ($_GET['mail'] == 1)
         {
             if ($_GET['index'] == 1)
             {
                 $SF->Make_cplink_path("<a href='member.php?main=1'>الاعضاء</a> -> مراسله");

                 $group_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "group WHERE title<>'الزوار' ORDER BY id DESC");

                 $groups_rows = array();
                 while ($group_row = $DB->sql_fetch_array($group_query))
                 {
                     $groups_rows[] = $group_row;
                     $Smarty->assign('group_rows',$groups_rows);
                 }

                 $Smarty->display('member_send_msg.tpl');
             }

             if ($_GET['store_msg_info'] == 1)
             {
                 $SF->msg('يرجى الانتظار , يتم الآن حفظ معلومات الارسال في قواعد البيانات ...');

                 $update = $DB->sql_query("UPDATE " . $db_prefix . "info SET msg_title_temp='" . $_POST['T1'] . "',msg_content_temp='" . nl2br($_POST['S1']) . "' WHERE id='1'");
                 if ($update)
                 {
                     $SF->msg('تم الحفظ بنجاح , سوف يبدأ البرنامج بالارسال');
                     $SF->go_to('member.php?mail=1&start_send=1&D1=' . $_POST['D1'],2);
                 }
             }

             if ($_GET['start_send'] == 1)
             {
                 if ($_GET['D1'] == 'all')
                 {
                     if (!isset($_GET['page']) OR $_GET['page'] < 1)
                     {
                         $_GET['page'] = 1;
                     }
                     
					 $page  = intval($_GET['page']);
                     $start = (50 * ($page-1));

                     $RP = new Pager($page); #Pager class by rafia

                     $RP->SetPagerN(50,$DB->sql_num_rows($DB->sql_query("SELECT * FROM " . $db_prefix . "member ORDER BY id DESC")));

                     $getmember_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member ORDER BY id DESC LIMIT $start,50");

                     $SF->msg("<a href='member.php?mail=1&index=1'>عوده</a>");

                     while ($getmember_row = $DB->sql_fetch_array($getmember_query))
                     {
                         $mail = $SF->mail($getmember_row['email'],$info_row['msg_title_temp'],$info_row['msg_content_temp'],$info_row['send_email']);

                         if ($mail)
                         {
                             $SF->msg('تم الارسال بنجاح إلى ' . htmlspecialchars($getmember_row['username']));
                         }
                     }

                     $SF->msg("<a href='member.php?mail=1&index=1'>عوده</a>");

                     echo $RP->PageNum('mail=1&start_send=1&D1=all&T1=' . $title . '&S1=' . nl2br(htmlspecialchars($msg)));
                 }
                 else
                 {
                 	
					if (!isset($_GET['page']) OR $_GET['page'] < 1)
                    {
                        $_GET['page'] = 1;
                    }
                     
					$page  = intval($_GET['page']);
                    $start = (50 * ($page-1));

                    $RP = new Pager($page); #Pager class by rafia

                    $RP->SetPagerN(50,$DB->sql_num_rows($DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE usergroup='" . intval($_GET['D1']). "'  ORDER BY id DESC")));
					
					$getmember_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE usergroup='" . intval($_GET['D1']). "'  ORDER BY id DESC LIMIT $start,50");
                 	
                 	while ($getmember_row = $DB->sql_fetch_array($getmember_query))
                    {
                    	//$mail = $SF->mail($getmember_row['email'],$info_row['msg_title_temp'],$info_row['msg_content_temp'],$info_row['send_email']);
                    	
                    	if ($mail)
                    	{
                    		$SF->msg('تم الارسال بنجاح إلى ' . htmlspecialchars($getmember_row['username']));
                    	}
                    }
					
                    $SF->msg("<a href='member.php?mail=1&index=1'>عوده</a>");
					
					echo $RP->PageNum('mail=1&start_send=1&D1=' . intval($_GET['D1']). '&T1=' . $title . '&S1=' . nl2br(htmlspecialchars($msg)));
                 }
             }
         }

// **  **

         if ($_GET['del'] == 1)
         {
             if ($_GET['step'] == 1)
             {
                 $id = intval($_GET['id']);
                 if ($id != $member_row['id'])
                 {
                     $restricted_ids = explode(",",$un_editable_users);
                     if (in_array($id,$restricted_ids))
                     {
                         $SF->error('ليس لديك الصلاحيات للتحكم ببيانات هذا العضو');
                     }
                 }
                 $SF->html('<div align="center" dir="rtl">');
                 $SF->html('<p>سوف يتم حذف العضو , و لكن ماذا عن مواضيعه و ردوده ؟</p>');
                 $SF->html('<form action="member.php?del=1&step=2&id=' . $id . '" method="post">
                            <select size="1" name="member_subject" style="font-family: Tahoma; font-size: 8pt" dir="rtl">
                            <option value="1">عدم حذف مواضيع و ردوده</option>
                            <option value="2">حذف جميع ردوده و مواضيعه</option>
                            </select>
                            <input type="submit" value="موافق" style="font-family: Tahoma; font-size: 8pt" dir="rtl">
                            </form>');
                 $SF->html('</div>');
             }

             if ($_GET['step'] == 2)
             {
                 $id = intval($_GET['id']);

                 $getmemberinfo_query  = $DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE id='" . $id . "'");
                 $getmemberinfo_num    = $DB->sql_num_rows($getmemberinfo_query);
                 $getmemberinfo_row    = $DB->sql_fetch_array($getmemberinfo_query);

                 if ($getmemberinfo_num <= 0)
                 {
                     $SF->error('المعذره العضو المطلوب غير موجود !');
                 }

                 if ($_POST['member_subject'] == 1)
                 {
                     # Ok , do no thing :-)
                 }

                 if ($_POST['member_subject'] == 2)
                 {
                     $del_subject = $DB->sql_query("DELETE FROM " . $db_prefix . "subject WHERE writer='" . $SF->SafeSQL($getmemberinfo_row['username']) . "'");
                     if ($del_subject)
                     {
                         $SF->msg('تم حذف جميع مواضيع العضو');
                     }

                     $del_reply = $DB->sql_query("DELETE FROM " . $db_prefix . "reply WHERE writer='" . $SF->SafeSQL($getmemberinfo_row['username']) . "'");

                     if ($del_reply)
                     {
                         $SF->msg('تم حذف جميع ردود العضو');
                     }
                 }

                 $del_member = $DB->sql_query("DELETE FROM " . $db_prefix . "member WHERE id='" . $id . "'");
                 if ($del_member)
                 {
                     $SF->msg('تم حذف العضو ' . htmlspecialchars($getmemberinfo_row['username']));
                     $SF->go_to('member.php?main=1',2);
                 }
             }
         }

// **  **

    }

?>